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1.Introduction to MS 365 Security 


What is MS 365 security? 

Microsoft 365 Security is acomprehensive security package built on Microsoft 365 platforms such as 
Exchange Online, SharePoint Online and OneDrive for Business. It includes several features that help 
improve the security of corporate data and users, including: 


Threat protection: Microsoft 365 Security provides advanced threat detection and prevention based 
on artificial intelligence and machine learning to detect and block attacks on email mailboxes, 
SharePoint and OneDrive sites, and other Microsoft 365 resources. 


Data protection: Microsoft 365 security offers functions to monitor and control data used by 
companies, such as the ability to identify and protect sensitive data in emails and documents. 


Identity and Access Protection: Microsoft 365 Security provides capabilities to control access to 
corporate data, including the ability to manage authentication and authorization. 


Compliance and governance tools: Microsoft 365 Security provides features to support compliance 
requirements such as GDPR, HIPAA, and others, and allows organizations to monitor and audit their 
data and user activity. 


Security management: Microsoft 365 Security provides a unified console for managing security 
functions, including the ability to centrally manage security policies and configurations and generate 
reports on security incidents. 


Overall, Microsoft 365 Security offers acomprehensive security solution that helps organizations 
protect their data and users from threats and meet their compliance needs. 


Architecture of MS 365 Security 
The architecture of Microsoft 365 Security consists of multiple layers that work together to help 
organizations protect their data and users from threats and meet their compliance needs. 


Endpoint protection: Microsoft 365 Security offers endpoint protection features such as Windows 
Defender Advanced Threat Protection (ATP) and Office 365 Advanced Threat Protection (ATP) to 
protect against malware and other threats on endpoints. 


Network protection: Microsoft 365 Security offers network protection features such as Azure 
Advanced Threat Protection (ATP) and Azure Information Protection (AlP) to protect against threats 
that attack the corporate network. 


Cloud protection: Microsoft 365 Security offers cloud protection features such as Exchange Online 
Protection (EOP) and SharePoint Online Protection (SPOP) to protect against threats that attack 
corporate data in the cloud. 


Identity and access protection: Microsoft 365 Security provides identity and access protection 
features such as Azure Active Directory (AAD) and Microsoft Cloud App Security (MCAS) to protect 
against unauthorized access to corporate data. 


Compliance and governance tools: Microsoft 365 Security provides compliance and governance tools 
such as Microsoft Compliance Center and Microsoft Secure Score to support compliance 
requirements and to monitor and control corporate data and user activity. 


Security management: Microsoft 365 Security provides a unified console for managing security 
functions, including the ability to centrally manage security policies and configurations and generate 
reports on security incidents. 


Overall, Microsoft 365 Security provides a comprehensive architecture that enables organizations to 
protect their data and users from threats, meet their compliance needs, and manage their security 
strategy. 


Supported Platforms 
Microsoft 365 Security supports a variety of platforms to help organizations protect their data and 
users from threats and meet their compliance needs. 


Windows: Microsoft 365 Security supports Windows operating systems such as Windows 10 and 
Windows Server. It offers endpoint protection features such as Windows Defender Advanced Threat 
Protection (ATP) to protect against malware and other threats on Windows-based endpoints. 


MacOS: Microsoft 365 Security also supports macOS operating systems and offers endpoint 
protection features such as Office 365 Advanced Threat Protection (ATP) to protect against malware 
and other threats on Mac-based endpoints. 


Office applications: Microsoft 365 Security supports Office applications such as Word, Excel, 
PowerPoint and Outlook. It offers protection features such as Office 365 Advanced Threat Protection 
(ATP) to protect against malware and other threats propagated through Office documents. 


Exchange Online: Microsoft 365 Security supports Exchange Online, Microsoft's cloud-based email 
and calendar service. It offers protection features like Exchange Online Protection (EOP) to protect 
against email threats. 


SharePoint Online: Microsoft 365 Security supports SharePoint Online, Microsoft's cloud-based 
document management and collaboration platform. It offers protection features like SharePoint 
Online Protection (SPOP) to protect against threats that attack SharePoint data. 


Microsoft Teams: Microsoft 365 Security supports Microsoft Teams, Microsoft's cloud-based team 
communication and collaboration platform. It offers protections like Microsoft Teams Advanced 
Communications Compliance to protect against threats that attack Teams data. 


Azure Active Directory: Microsoft 365 Security supports Azure Active Directory (AAD), Microsoft's 
cloud-based identity and access protection platform. It offers protections such as Azure Active 
Directory Identity Protection and Azure Active Directory Privileged Identity Management to protect 
against unauthorized access to corporate data. 


Overall, Microsoft 365 Security offers support for a variety of platforms to help organizations protect 
their data and users from threats and meet their compliance needs, both on-premises and cloud- 
based. This enables companies to unify and automate their IT security, which can save them time and 
resources. With Microsoft 365 Security, organizations can protect their data, applications, and users 
in real time by detecting and blocking threats before they can do harm. Additionally, Microsoft 365 
Security provides compliance tools to help organizations meet and document their compliance 
needs, enabling them to mitigate their risks and protect their reputation. 


2.Planning and preparation 


Hardware and software requirements 
In order to use Microsoft 365 Security, there are certain hardware and software requirements that 
must be met. 


Hardware requirements: 


At least AGB of RAM 
At least 10 GB of free disk space 
At least 2 GHz dual-core processor 


Software Requirements: 


Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2016, Windows Server 2012 R2, 
Windows Server 2012, Windows Server 2008 R2 


Office 365 ProPlus, Office 365 Business, Office 365 Business Premium, Office 365 Enterprise E3, 
Office 365 Enterprise E5, Office 365 A3, Office 365 A5, Office 365 G3, Office 365 G5, Office 365 F3, 
Office 365 F5 


Internet Explorer 11 or later, Microsoft Edge (latest version), Google Chrome (latest version), Mozilla 
Firefox (latest version) 


It's also important to use the most current version of Microsoft 365 Security to ensure all features 
and security updates are available. 


It's important to note that the requirements for using Microsoft 365 Security depend on the size and 
scope of the organization and can vary depending on which features and services are used. It is 
therefore advisable to discuss the requirements with a Microsoft partner or consultant to ensure 
that the correct hardware and software is provided. 


Planning of security policies and processes 

Planning security policies and processes is an important part of implementing Microsoft 365 Security. 
Thorough preparation and planning can help ensure that the implementation goes smoothly and that 
desired security outcomes are achieved. 


The first phase of planning is to understand the organization and its security needs. This includes 
identifying protection needs, risks and compliance requirements. It is important to understand the 
needs of each department and user in the organization to ensure the right security measures are 
implemented. 


After understanding the requirements, the next phase should be to develop the security policies and 
processes. This includes creating policies for managing user accounts, access rights, passwords, 
devices and data. It is important to develop security incident monitoring and response processes to 
ensure the organization can respond to threats quickly and effectively. 


An important phase of planning is conducting testing and training to ensure employees understand 
and can follow policies and processes. It is important to conduct training to inform employees about 
the new security measures and to help them adapt to the new processes. Tests can help verify the 
effectiveness of security measures and identify any weaknesses. 


The final phase of planning is implementing Microsoft 365 Security and monitoring the results. It is 
important to monitor the results to ensure that security measures are effective and that policies and 
processes are being properly followed. It is also important to conduct regular reviews to ensure 
security measures remain up-to-date and in line with evolving threats and requirements. 


Overall, planning security policies and processes should be an ongoing process that includes 
identifying requirements, developing policies and processes, conducting testing and training, and 
implementing and monitoring the results. Adhering to this approach can ensure the organization is 
protected from threats and compliance requirements are met. 


MS 365 security organization design 
The design of an MS 365 security organization depends on a company's specific requirements and 
needs, but may contain some general elements. 


An important part ofthe design is the creation of roles and responsibilities for security. This may 
include the appointment of a security officer responsible for the development and implementation 
of security policies and processes. It may also involve setting up security teams or groups to deal with 
specific aspects of security, such as network security, application security, or data security. 


Another important element is the implementation of technical controls to ensure security. This may 
include the use of firewalls, antivirus software, data backups, and access controls. It is important that 
these controls are regularly reviewed and updated to ensure they reflect current threats and 
requirements. 


Another important element is the implementation of training and awareness measures for 
employees. This can help employees identify and avoid the risks and follow the right procedures and 
processes to ensure safety. 


Overall, the MS 365 security organization design should include a combination of technical controls, 
organizational measures, and training to ensure the organization is protected from threats and 
compliance requirements are met. 


3. Identity and Access Management 


Configure authentication methods 

Configuring authentication methods is an important part of security in Microsoft 365. There are 
several methods that can be used to ensure that only authorized users can access the resources in 
Microsoft 365. 


One method is to use passwords. This requires users to provide a password to access the resources. 
However, it is important that passwords are secure and changed regularly to ensure they cannot be 
guessed by unauthorized persons. 


Another method is using multi-factor authentication (MFA). This uses an additional method to 
authenticate the user, such as a text or call code. This increases security as it makes it harder for an 
attacker to guess or steal both the password and the additional method. 


Another method is to use smart cards or security keys. This requires the user to use a smart card or 
security key to access the resources. This increases security as it is more difficult for an attacker to 
steal or clone these devices. 


There is also the option of Single Sign-On (SSO) or Federated Identities, which enables the use of 
external authentication methods such as Azure Active Directory. 


It is important that the authentication methods chosen are regularly reviewed and updated to ensure 
they are in line with current threats and requirements. 


Configure access policies 
Configuring access policies is an important part of security in Microsoft 365. It allows organizations to 
control user and group access rights to specific resources and applications. 


One way to configure access policies is by using Role-Based Access Control (RBAC). Here, users and 
groups are assigned to specific roles that define specific access rights for specific resources and 
applications. For example, a "Reader" role can only have read permissions for certain folders, while 
an "Author" role can also have write permissions. 


Another option is to use conditional access. Here, access policies can be linked to certain conditions, 
such as the type of device from which the resources are accessed or the location of the user. For 
example, a policy can specify that users can only access certain resources from secured devices. 


Another option is to use Azure AD Identity Protection, which allows creating access policies based on 
risk assessments. These ratings are based on various factors such as user behavior, device type, user 
location and other factors. 


It is important that access policies are regularly reviewed and adjusted to ensure they reflect current 
threats and requirements. In addition, policies should be monitored to ensure they are being applied 
correctly and that there are no irregularities in access rights. 


Manage role-based access rights 

Managing role-based access rights is an important part of security in Microsoft 365. It allows 
organizations to control and monitor user and group access rights to specific resources and 
applications. 


One way to manage role-based access rights is to use Role-Based Access Control (RBAC). Here, users 
and groups are assigned to specific roles that define specific access rights for specific resources and 
applications. For example, a "Reader" role can only have read permissions for certain folders, while 
an "Author" role can also have write permissions. 


Another option is to use Azure AD Groups, here you can create groups and assign them special access 
rights and thus regulate access based on roles. 


To ensure access rights are applied correctly, roles should be regularly reviewed and adjusted to 
ensure they reflect current threats and requirements. It is also important that access rights are 
monitored to ensure that there are no irregularities in access rights and that access rights are being 
applied to the correct users and groups. 


lt is also possible to create reports to monitor access rights and understand who has accessed which 
resources and when. 


lt is important that access rights are regularly reviewed and adjusted to ensure they reflect current 
threats and requirements and that the organization is meeting its compliance needs. 


Manage multi-factor authentication 

Multi-factor authentication (MFA) is an important method for improving security in Microsoft 365. It 
requires users to verify their identity by using at least two factors before they can access resources 
and applications. This may involve using a password and a smartphone, biometric device, or security 
card. 


To manage MFA in Microsoft 365, you can use Azure Active Directory (AAD). In AAD one can create 
MFA policies that can be applied on specific user or group bases. One can also select individual 
applications or services that should require MFA. 


There are several ways users can verify their identity when they sign in. For example, they can 
receive a text message or call to verify acode, or they can use an authenticator app to generate a 
code. 


There is also the possibility to configure custom authentication methods, such as integrating 
hardware tokens or smart cards. 


It is important that MFA policies are regularly reviewed and adjusted to ensure they reflect current 
threats and requirements and that the organization is meeting its compliance needs. 


Reports can be generated to understand MFA usage and successful and failed authentication 
attempts. 


Overall, managing multi-factor authentication in Microsoft 365 provides an additional layer of 
security by securely confirming users’ identities and preventing unauthorized persons from accessing 
protected resources and applications. 


4.Management of security and compliance functions 


Configure security policies 
Microsoft 365 Security offers a variety of ways to configure and customize security policies to protect 
an organization's data and users from threats and meet compliance requirements. 


One of the most important tools for configuring security policies is the Microsoft 365 Security Center 
console. Here administrators can configure and manage various security functions such as managing 
access rights, monitoring threats and conducting security checks. 


Another way to configure security policies is by using Azure Active Directory Group Policy. These 
allow administrators to apply policies to user groups to ensure specific security requirements are met 
when Microsoft 365 data and applications are accessed. 


Another option is to use Microsoft Cloud App Security. This tool allows admins to set and monitor 
security policies for cloud apps. You can also set specific actions like block or warn when policies are 
violated. 


Another option is to use Microsoft Intune. This tool allows administrators to set and monitor mobile 
device and application policies. You can also set specific actions such as blocking or wiping devices 
when policies are violated. 


It is important to note that security policy configuration is an ongoing process and should be 
regularly reviewed and adjusted to ensure it always reflects current threats and requirements. 


Manage security alerts and events 

Microsoft 365 Security provides a comprehensive security dashboard that helps admins manage 
security alerts and events. This dashboard provides insights into potential threats, including malware, 
phishing attacks, and other security risks. 


Administrators can access detailed information about each alert and event, including affected users, 
devices, and applications. You can also take appropriate measures to eliminate the threat, such as 
removing malware or banning user accounts. 


Another important feature is the ability to configure notifications and alerts for specific events and 
alerts. Administrators can be notified when specific events occur, such as when a user opens an 
attachment in a phishing email or when an unknown device attempts to access the network. 


Managing security alerts and events in Microsoft 365 Security enables admins to quickly respond to 
potential threats and protect their organization from attacks. They can also use historical data to 
identify attack patterns and improve their organization's security over the long term. 


Configure compliance policies 

Microsoft 365 Security offers extensive options for configuring compliance policies. This enables 
organizations to protect their data and users from threats and ensure compliance with industry 
standards and regulatory requirements. 


An important part of compliance policies in Microsoft 365 Security is the ability to configure data loss 
prevention (DLP). DLP enables administrators to identify and protect sensitive data, such as financial 
or personal information, by setting rules that limit the sharing or disclosure of that data. 


Another key feature is the ability to configure access policies that determine who can access specific 
data and applications. Administrators can set rules that allow specific groups of users to access 
specific data while blocking other users. 


Also, the ability to set up monitoring and recording capabilities, allowing administrators to monitor 
and record activities on their network and in the cloud. This allows them to quickly identify and 
remediate potential compliance violations or threats. 


Overall, configuring compliance policies in Microsoft 365 Security enables organizations to protect 
their data and users and ensure compliance with industry standards and regulatory requirements by 
setting rules that restrict the sharing or disclosure of sensitive data, access policies, and activities 
monitor and record on their network and in the cloud. 


Manage compliance alerts and events 

Microsoft 365 Security offers a variety of tools and capabilities to manage compliance policies and 
events. An important part of this is the Microsoft 365 Compliance Center, which enables 
administrators to define and enforce compliance requirements for their company. 


One of the most important tools in the compliance center is the ability to create and apply document 
and data policies. For example, these policies can regulate the automatic deletion of documents after 
a certain period of time or the protection of sensitive data through encryption. Administrators can 
also specify which users can access specific data and what actions can be taken on that data. 


Another important tool in the compliance center is the ability to manage compliance alerts and 
events. These are notifications sent to administrators when a compliance violation is detected. For 
example, an alert can be sent when a user has attempted to download a sensitive document to an 
unauthorized device. Administrators then have the ability to quickly respond to this event and take 
appropriate action. 


Another important tool for managing compliance events is the ability to view audit logs. These logs 
provide information about who performed what actions on what data, allowing administrators to 
understand who is responsible for a compliance violation and take appropriate action. 


Overall, Microsoft 365 Security offers an extensive range of tools and functions for managing 
compliance policies and events. These allow administrators to enforce their compliance 
requirements and quickly identify and fix potential violations. 


5,Privacy Management 


Configure privacy policies 

Microsoft 365 Security offers extensive options for configuring data protection policies to help 
companies meet their legal and regulatory requirements in the area of data protection. A key part of 
this is the ability to apply privacy policies to different types of data and user types. 


One way to configure data protection policies is to use DLP (Data Loss Prevention) policies. These 
make it possible to automatically recognize and protect certain types of data, such as credit card or 
social security numbers, by triggering measures such as encryption or blocking of emails containing 
sensitive data. 


Another important tool for configuring data protection policies is using Azure Information Protection. 
This solution makes it possible to automatically classify and protect data by providing it with specific 


labels and protections. These labels can then be used to apply access rights and other security 
measures to the data. 


Another way to configure privacy policies is to use Azure Active Directory policies. These make it 
possible to control access rights to data and applications based on user roles and group 
memberships. 


Overall, Microsoft 365 Security offers extensive options for configuring data protection policies. 
Using tools like DLP, Azure Information Protection and Azure Active Directory, it is possible to 
automatically discover and protect data and control access rights to data and applications based on 
user roles and group memberships. 


Manage privacy alerts and events 

Microsoft 365 Security offers extensive options for configuring and enforcing data protection 
policies. These include the ability to set privacy classifications that are automatically applied to 
documents and emails, and the ability to set access and sharing rights for specific users or groups. 


An important part of privacy policy management is managing privacy alerts and events. This includes, 
for example, notifications about possible data leaks or about access to sensitive material by 
unauthorized users. 


Configuration of privacy policies is done through the Microsoft 365 security and compliance centers. 
Here administrators can make various settings to adjust the data protection guidelines for their 
organization. This includes defining data protection classifications that are automatically applied to 
documents and emails, as well as defining access and sharing rights for specific users or groups. 


Administrators can also manage compliance alerts and events to ensure compliance with privacy 
policies and identify potential privacy violations early. This includes, for example, notifications about 
possible data leaks or about access to sensitive material by unauthorized users. 


By using Microsoft 365 Security, organizations can safely and effectively enforce their privacy policies 
and identify and remediate potential data breaches early on. 


Configure privacy settings 

Microsoft 365 Security offers organizations a variety of tools and capabilities to help them configure 
and manage their privacy settings. Some important aspects to consider when configuring privacy 
settings are: 


Privacy Policies: Businesses can configure and customize their privacy policies to ensure they comply 
with applicable data protection laws and that users are informed about how their data is being 
processed. 


Privacy Policies: Organizations can set policies that protect certain types of data, such as personally 
identifiable information, from unwanted access. These policies can be applied to different data 
sources such as email, SharePoint, OneDrive, etc. 


Privacy monitoring controls: With Microsoft 365 Security, organizations can configure monitoring 
controls to detect when privacy policies are being violated and to generate notifications and alerts 
when potential privacy violations are detected. 


Privacy dashboards: Microsoft 365 Security also offers organizations the ability to create privacy 
dashboards to get an overview of privacy compliance and to quickly respond to potential issues. 


Privacy Reports: Organizations can also create reports that provide more detailed information about 
privacy compliance and potential data breaches. These reports can be used to document compliance 
with applicable data protection laws. 


It is important to note that configuring privacy settings is an ongoing process, as privacy laws and 
requirements are constantly changing. Businesses should therefore regularly review and adjust their 
privacy settings to ensure they meet current requirements. This includes monitoring privacy alerts 
and events to identify and address potential issues early. 


Another important element is training employees to understand and comply with privacy policies 
and processes. Clear communication and documentation of privacy settings is also important to 
ensure they are understood and followed by all stakeholders. 


Overall, configuring privacy settings is an important aspect of security in Microsoft 365 that helps 
protect the organization from data breaches and penalties while respecting user privacy. 


6. Management of data security 


Configure data security policies 
Configuring data security policies is an important part of MS 365 security. With these guidelines, 
companies can protect their data from unauthorized access, loss or misuse. 


Some of the features available in MS 365 for configuring data security policies are: 


Encryption of data at rest and in transit 

Backup of data in the cloud and on local devices 

Set up data access rules to ensure only authorized individuals have access 

Establish retention policies to ensure data is not stored for unnecessarily long periods 
Set up auditing capabilities to track changes to data 


It is important that the configuration of these policies is carefully planned and implemented to 
ensure they meet the needs of the organization and comply with all applicable laws and regulations. 
It is also good practice to regularly monitor and review these policies to ensure they are current and 
effective. 


Manage data security alerts and events 

Microsoft 365 Security offers organizations the ability to configure data security policies to ensure 
data security. For example, these policies may include the use of encryption, meeting compliance 
requirements, and restricting access rights to specific data. 


To manage these policies, Microsoft 365 Security provides a dashboard with monitoring capabilities 
that admins can use to track and analyze data security alerts and events in real time. These features 
enable administrators to quickly detect and remediate potential security threats, for example by 
identifying unusual user behavior or restricting access to certain data. 


It is important for organizations to regularly review and update their data security policies to ensure 
they reflect current threats and requirements. Monitoring and analyzing data security alerts and 
events can also help identify and fix potential security issues early, thereby ensuring data security. 


Configure data security settings 

Configuring data security settings refers to setting up protection mechanisms for the data stored in a 
Microsoft 365 environment. This includes, among other things, the use of encryption technologies, 
the establishment of access and authorization controls and the implementation of backup and 
recovery functions. 


One way to configure data security settings in Microsoft 365 is by using Azure Information Protection 
(AIP). This tool makes it possible to scan documents and e-mails for confidential information and to 
automatically encrypt or label them. We also recommend using Microsoft Cloud App Security (MCAS) 
to detect and block unwanted or dangerous activity on cloud apps. 


Another important element of data security is the establishment of access and authorization 
controls. Role-based access rights (RBAC) can be used here to ensure that only authorized users can 
access specific data. Using multi-factor authentication (MFA) can also help prevent unauthorized 
access. 


Regular data backup is also an important part of data security. This allows for quick and effective 
recovery in the event of data loss. Among other things, Microsoft offers the Microsoft 365 Backup 
tool for this purpose, which makes it possible to back up data from Office 365, SharePoint and 
OneDrive. 


It is important to note that configuring data security settings is an ongoing process as the threat 
landscape and technology can constantly change. Businesses should therefore regularly review and 
update their data security settings to ensure their data is protected using the latest technology. 


7. Management of DLP and RMS 


Configure DLP policies 

DLP (Data Loss Prevention) is a key capability of Microsoft 365 Security that helps organizations 
protect sensitive data from accidental or unauthorized loss or misuse. To configure DLP policies, 
organizations must first go through certain steps: 


Identify the types of data to protect, including sensitive information like credit card numbers, social 
security numbers, or health information. 


Create rules for identifying this data: This can be done using regular expressions, patterns or 
keywords. 


Configure actions for the rules: These actions can include things like blocking, encrypting, or 
monitoring messages or files. 


Test the rules: Before the policies are applied across the organization, they should be thoroughly 
tested to ensure they are delivering the desired results and are not having any undesirable effects. 


Monitor and review policies: Once configured, DLP policies should be regularly monitored and 
reviewed to ensure they are still in effect and no adjustments are needed. 


Inthe event of DLP policy violations or data security alerts and events, IT administrators can take 
appropriate action, such as suspending user accounts or restricting access rights. 


Manage DLP alerts and events 

DLP (Data Loss Prevention) is an important part of Microsoft 365 security that helps reduce the risk 
of data loss or theft. To configure DLP policies, organizations must first identify specific rules and 
regulations applicable to their industry and specific needs. This can be, for example, compliance with 
laws such asthe EU GDPR or HIPAA in the USA. 


To configure the DLP policies, one can use the Microsoft 365 DLP tools, which make it possible to 
detect and protect certain types of data (e.g. credit card numbers, social security numbers, etc.). This 
can be done by creating protection templates or by creating custom rules. 


Management of DLP alerts and events is typically done by the organization's security and compliance 
teams. These teams receive notifications when potential data breaches are detected and can then 
take appropriate action to mitigate or eliminate the risk. This can be done, for example, by blocking 
emails or deleting files. It is also important that these teams use regular monitoring and reporting 
capabilities to ensure DLP policies are being implemented correctly and adhered to. 


Configure RMS policies 

Microsoft 365 (formerly known as Office 365) offers a range of security features to help organizations 
protect their data and users from threats and meet their compliance needs. One of these features is 
the use of Rights Management Services (RMS) to protect sensitive information. 


RMS enables organizations to maintain control over how data is used by providing the ability to set 
access rights for specific users or groups. This can include restricting actions such as printing, 
forwarding or editing documents. 


To configure RMS policies, administrators must first create or purchase an RMS key service 
certificate. This certificate is used to ensure encryption and decryption of data. Then administrators 
can create RMS policies that specify specific user or group rights by specifying the allowed actions on 
the data. 


It's important to note that RMS policies can only be applied to files stored in Microsoft 365 services, 
such as OnebDrive for Business or SharePoint Online. Separate solutions must be used to ensure the 
security of data stored outside of these services. 


Once configured, administrators can manage RMS alerts and events by monitoring the activity logs to 
see who performed what actions on the protected data. You can also create alerts to be informed of 
specific actions taken on the protected data, such as when someone tries to print a protected 
document. 


Manage RMS alerts and events 

Microsoft 365 Security offers a range of features to ensure data security and the protection of 
sensitive information within acompany. One of these functions is the management of RMS (Rights 
Management Services) policies. 


RMS allows organizations to restrict access rights to specific documents or files by setting specific 
rules and restrictions. This can include who can access a file, whether it can be edited, and when 
permissions expire. These rules can be configured using user roles, authentication methods, and time 
restrictions. 


RMS alerts and events are managed through the Microsoft 365 security center. Here, administrators 
can monitor events and alerts that indicate RMS policy violations. These events can then be used to 
review and, if necessary, adjust the policies to ensure they continue to meet the needs of the 
organization. 


It is important to note that configuring RMS policies and managing alerts and events is an ongoing 
process as threats and data security requirements are constantly changing. Organizations should 
therefore regularly review and update their RMS policies and keep an eye on events and alerts to 
ensure they are adequately protecting their data and users. 


8.Monitoring and Troubleshooting 


Configure monitoring options 

Configuring auditing options in Microsoft 365 allows admins to monitor and manage different types 
of activity on their platforms. This includes, for example, monitoring user activity, email traffic, 
document activity and security alerts. 


One of the most important monitoring options is to set up audit logs. These enable administrators to 
record and analyze activities on their platforms to detect possible security breaches or compliance 
violations. Administrators can set up audit logs for various services such as Exchange Online, 
SharePoint Online, OneDrive for Business, and Azure Active Directory. 


Another important monitoring option is to set up notifications. These enable administrators to be 
informed in real time about certain events, such as security breaches or compliance violations. 
Administrators can set up notifications for various events such as successful or failed login attempts, 
successful or failed document sharing, and other events. 


Another important monitoring option is to set up monitoring reports. These allow administrators to 
collect and analyze information about the activities on their platforms. Administrators can create and 
view reports for various services such as Exchange Online, SharePoint Online, OneDrive for Business, 
and Azure Active Directory. 


Overall, it's important that admins regularly review and adjust their monitoring options to ensure 
they're getting the information they need to keep their platforms secure and compliant. 


Manage logs and reports 

Configuring monitoring options involves setting up rules and alerts for various events related to 
Microsoft 365 security. This includes, for example, successful and failed login attempts, changes to 
security settings and access to sensitive data. 


To configure these monitoring options, administrators can use Microsoft 365's built-in security and 
compliance tools, such as Azure Active Directory, Azure Information Protection, and Microsoft Cloud 
App Security. You can create rules to capture specific events and generate alerts that are sent to the 
responsible people. 


Over time, it is important to monitor the logs and reports to ensure that the monitoring options are 
working properly and that unexpected events are not occurring. It's also a good idea to generate 
regular reports to monitor and evaluate the company's security performance. These reports can be 
used to identify trends and identify and remediate potential threats early. 


Troubleshoot problems 

Troubleshooting MS 365 security related issues requires thorough analysis of the situation and 
application of specific steps to resolve the issue. The first step is to reproduce the problem and 
describe the symptoms accurately. This can help identify the source of the problem. 


An important part oftroubleshooting is to review your existing security policies and settings to 
ensure they are configured correctly and there are no conflicts. It is also important to review the logs 
and reports to identify any errors or anomalies. 


Once the cause of the problem has been identified, a solution can be developed. This can include 
adjusting security policies, updating software, or configuring monitoring options. It is important to 
test the solution thoroughly to ensure that the problem has actually been fixed and that there are no 
unexpected side effects. 


When troubleshooting is complete, the logs and reports should be reviewed to ensure the problem is 
not recurring. It's also important to document the solution so that it can be used as a reference for 
future problems. 


In conclusion, it is important to note that troubleshooting security issues is an ongoing process and it 
is important to conduct regular monitoring to identify and fix potential problems early. Athorough 
and structured approach can help resolve issues faster and more effectively, and help keep MS 365 
secure. 


9.Upgrades and Migrations 


Upgrade to newer versions of MS 365 security 

Upgrading to newer versions of MS 365 Security is an important process to ensure the organization is 
always equipped with the latest security features and improvements. Here are some steps to 
consider when upgrading to a newer version of MS 365 Security: 


Planning: Before the upgrade begins, ITteams should create a detailed plan that covers the upgrade 
schedules, resources, and risks. It is also important to seek support from other departments such as 
the data protection and compliance team. 


Testing: Before performing the upgrade in a production environment, IT teams should try the new 
version in a test environment to identify and fix potential issues. 


Documentation: It's important to document every step of the upgrade so that you can track issues 
and troubleshoot issues later. 


Training: The IT team and users should be trained on how to use the new features and security 
policies of the new release to ensure they are applying them correctly. 


Monitoring: After the upgrade, IT teams should monitor the performance and security of the new 
version to ensure all features are working properly and any security concerns can be addressed 
quickly. 


Maintenance: It is important to regularly maintain and update the upgrade to ensure that the 
organization always has the latest security features. 


Migrating from older versions of MS 365 security 

Migrating from older versions of MS 365 security requires thorough planning and execution to 
ensure all data and settings are successfully transferred and the security of the organization is not 
compromised. The first step is to take a detailed inventory of all current security settings and 
policies. This information is used to ensure that all settings and policies are supported in the newer 
version and can be configured appropriately. 


The next step is to create a migration schedule that minimizes downtime and ensures that the 
security of the organization is not compromised during the process. It is also important to ensure 


that all users are migrated to the newer version and that they are properly trained to take advantage 
of the new features and security settings. 


During the migration process, it is important to maintain data security and ensure that all data is 
transferred successfully. This can be achieved by using data backup and recovery strategies to ensure 
that all data can be recovered in the event of a problem. 


After the migration is complete, extensive testing should be performed to ensure that all settings and 
policies are configured correctly and that the security of the organization has not been compromised. 
It's also important to conduct regular monitoring to ensure security is kept up to date and that 
problems can be identified and fixed quickly. 


Migrating from other security solutions to MS 365 

Migrating from other security solutions to Microsoft 365 requires careful planning and execution to 
ensure all security features and policies are successfully transferred and data integrity is maintained 
throughout the process. The first step in migration is to create a detailed inventory of all existing 
security features and policies implemented in the current solution. This inventory listing serves as a 
basis for identifying the features and policies that need to be implemented in Microsoft 365. 


After that, the required Microsoft 365 licenses should be purchased. 


Then the Microsoft 365 security features should be configured to ensure that they meet the 
requirements of the existing security policies. This can include configuring authentication methods, 
access policies, role-based access rights, multi-factor authentication, security policies, compliance 
policies, privacy policies, data security policies, DLP policies, and RMS policies. 


All security alerts and events should also be monitored during the migration to ensure no data 
breaches occur. 


After migration, all data security settings, monitoring options, logs and reports should be reviewed to 
ensure they are working properly and meet all requirements. If problems arise, they should be 
rectified as soon as possible. 


It's also important to regularly update Microsoft 365 security features to ensure the latest security 
updates and enhancements are implemented and the organization is protected from the latest 
threats. 


lt is important that the IT department works in close cooperation with the security team to ensure 
that the migration is successful and that security is not compromised throughout the process. This 
can be accomplished by identifying risks, creating a detailed migration plan, and regularly testing and 
monitoring throughout the process. It is also important to inform all users about the planned 
changes and to ensure that they receive the necessary training to become familiar with the new 
security solution. Even after the migration is complete, regular checks should be performed to ensure 
security remains up to date. 


10.Advanced Configurations 


Configure MS 365 security integrations 

Configuring MS 365 security integrations involves setting up connections between MS 365 and other 
security solutions to improve security and compliance within the organization. This includes, for 
example, the integration of firewall systems, virus scanners, e-mail security, intrusion detection 
systems and prevention systems. 


To configure MS 365 security integrations, you must first ensure that the required APIs and 
connectors are available and the correct access rights have been set up. You can then set up the 
integrations in the MS 365 admin center or via PowerShell scripts. 


It is important that the IT department and the security team work closely together to ensure that the 
integrations are properly configured and monitored. It's also important to update documentation 
and run tests regularly to ensure integrations are working properly. It's also important to regularly 
monitor and tweak integrations to ensure security and compliance remain current across the 
organization. 


Configure MS 365 security custom solutions 

Configuring MS 365 security custom solutions involves creating custom rules and policies tailored to 
an organization's specific needs. This can include creating rules for data classification, monitoring 
security events, configuring DLP policies, and creating custom reports. 


To configure custom solutions, one must first identify the appropriate tools and capabilities in MS 
365 that will be used for the solution. This may involve using Azure Active Directory for 
authentication, Azure Information Protection for data classification, and Azure Security Center for 
security event monitoring. 


Once identified, the appropriate settings and rules need to be configured. This can include creating 
rules for data classification, configuring DLP policies, and creating custom reports. It is important that 
these settings and rules are reviewed regularly to ensure they are up to date and that they meet the 
needs of the organization. 


lt is also important that the IT department and security team work closely together to ensure that 
the custom solutions are properly implemented and monitored. This may include conducting tests to 
ensure that the rules and settings are working properly and that the reports are being generated 
correctly. 


In sum, configuring MS 365 security custom solutions is an important part of security management 
and enables organizations to better meet their security needs. However, it requires close 
collaboration between the IT department and the security team, as well as regular reviews and 
adjustments to ensure the solutions remain up-to-date and able to meet the changing threats. It is 
also important to monitor the integrity of the custom solutions and ensure they are not being 
misused by attackers. A regular audit process that verifies the performance and effectiveness of the 
solutions is also essential to ensure they are fit for purpose and protecting the company's data. 


Configure MS 365 security automations 

Configuring MS 365 security automations involves setting up automated processes and rules to 
detect and combat specific security threats. This can include, for example, automatically blocking 
suspicious IP addresses or automatically deleting malicious emails. 


To configure MS 365 security automations, organizations must first develop a security strategy that 
takes into account their specific needs and threats. After that, the IT department can set up the 
appropriate automations in the security functions of MS 365, such as in Azure Advanced Threat 
Protection or Microsoft Cloud App Security. 


lt is important that the automated processes are regularly reviewed and adjusted to ensure they are 
still up to date with current threats and are not producing false positives. In addition, the results of 
the automations should be monitored and analyzed in order to identify trends and patterns in the 
threats and to adjust the security strategy if necessary. 


It's also important to thoroughly test the automations before deploying them in a production 
environment to ensure they work as expected and don't have a negative impact on business 
operations. 
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